VEL Programming Volunteers Needed

The Joomla Vulnerable Extension List, is a public list published by Joomla.org of reported plugins, extensions, modules and/or templates from 3rd party developers that have known or resolved security issues with them.

Currently the information on each VEL entry is published in individual content articles with no provisions for machine-readable output. Many requests have been made to provide a machine readable output to the community to make it easier to find out if a specific extension is listed on the VEL or not. The person generally wants to do for example one of the following things with the VEL information:

develop a plugin that automatically sends an email to the site administrator when an installed extension gets listed

add a feature to the built-in installer to warn users when a listed extension should be uninstalled

develop a tool for web hosts that allows them to specifically search for vulnerable Joomla installations on their servers

The solution to this problem is quite simple and the following points provide some idea as to what we are looking to do.

General:

VEL has 2 lists: Live and Resolved.Live are vulnerable extensions and resolved are ones removed from live list after developer has resolved issue(s)

JSON as best output - easy to integrate in almost all programming languages

The VEL team needs help in accomplishing this task. We are building a team that can help formulate and program a solution. If you are interested in donating some time to help accomplish this task then please contact the This email address is being protected from spambots. You need JavaScript enabled to view it..